# includedir /etc/krb5.conf.d/

[libdefaults]
  default_realm = {{ ipa_realm }}
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  dns_canonicalize_hostname = false
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = true
  udp_preference_limit = 0
  default_ccache_name = FILE:/tmp/%u.ccache
  default_keytab_name = FILE:/etc/keytabs/host.keytab
  default_client_keytab_name = FILE:/etc/keytabs/service.keytab

[realms]
  {{ ipa_realm }} = {
    kdc = {{ ipa_server }}:88
    master_kdc = {{ ipa_server }}:88
    admin_server = {{ ipa_server }}:749
    kpasswd_server = {{ ipa_server }}:464
    default_domain = {{ ipa_realm | lower }}
    pkinit_anchors = FILE:/etc/ipa/ca.crt
    pkinit_pool = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .fedoraproject.org = FEDORAPROJECT.ORG
  fedoraproject.org = FEDORAPROJECT.ORG
  .{{ datacenter }}.fedoraproject.org = FEDORAPROJECT.ORG
  {{ datacenter }}.fedoraproject.org = FEDORAPROJECT.ORG
  .stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
  stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
  .{{ datacenter }}.stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
  {{ datacenter }}.stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
  {{ public_hostname }} = {{ ipa_realm }}
